This document summarizes a penetration test of the Hack The Box machine OpenAdmin. The writer found that ports 22 and 80 were open. Enumerating port 80 revealed an Apache default page and dirbuster found a page at /ona. This page disclosed an opennetadmin installation vulnerable to RCE. Exploiting this gave a www-data shell. Credentials in a database settings file were used to SSH as user jimmy. Further enumeration revealed an internal site at port 52846 containing Joanna's SSH key, which was extracted using SSH tunneling or curl. John the Ripper cracked the key's passphrase and the writer SSHed as Joanna. Sudo privileges without a password allowed escalating to root using a nano privilege
From zero to almost rails in about a million slides...david_e_worth
A presentation explaining the web with zero background aimed at brand new developers wanting to build Ruby on Rails applications but not knowing where to start
Finding a lost song with Node.js and async iteratorsLuciano Mammino
Did you ever get that feeling when a random song pops into your brain and you can’t get rid of it? Well, that happened to me recently and I couldn’t even remember the title of the damn song! In this talk, I want to share with you the story of how I was able to recover the details of the song by navigating some music-related APIs using JavaScript, Node.js and the magic of async iterators!
From zero to almost rails in about a million slides...david_e_worth
A presentation explaining the web with zero background aimed at brand new developers wanting to build Ruby on Rails applications but not knowing where to start
Finding a lost song with Node.js and async iteratorsLuciano Mammino
Did you ever get that feeling when a random song pops into your brain and you can’t get rid of it? Well, that happened to me recently and I couldn’t even remember the title of the damn song! In this talk, I want to share with you the story of how I was able to recover the details of the song by navigating some music-related APIs using JavaScript, Node.js and the magic of async iterators!
Finding a lost song with Node.js and async iterators - EnterJS 2021Luciano Mammino
Did you ever get that feeling when a random song pops into your brain and you can’t get rid of it? Well, that happened to me recently and I couldn’t even remember the title of the damn song! In this talk, I want to share with you the story of how I was able to recover the details of the song by navigating some music-related APIs using JavaScript, Node.js and the magic of async iterators!
Finding a lost song with Node.js and async iterators - NodeConf Remote 2021Luciano Mammino
Did you ever get that feeling when a random song pops into your brain and you can’t get rid of it? Well, that happened to me recently and I couldn’t even remember the title of the damn song! In this talk, I want to share with you the story of how I was able to recover the details of the song by navigating some music-related APIs using JavaScript, Node.js and the magic of async iterators!
Border Patrol - Count, throttle, kick & ban in perlDavid Morel
Presentation of the Schedule::AdaptiveThrottler perl module, under its original name. Made for the Portuguese Perl Workshop in Porto in 2010. The module is available on https://metacpan.org/pod/Schedule::AdaptiveThrottler and https://github.com/dmorel/Schedule-AdaptiveThrottler
Finding a lost song with Node.js and async iteratorsLuciano Mammino
Did you ever get that feeling when a random song pops into your brain and you can’t get rid of it? Well, that happened to me recently and I couldn’t even remember the title of the damn song! In this talk, I want to share with you the story of how I was able to recover the details of the song by navigating some music-related APIs using JavaScript, Node.js and the magic of async iterators!
here you will learn few new commands. commands like banner,sort,sort file,compress,uncompress,zcat command etc. you will learn how to compress file using terminal and also how to uncompress that file. you will learn how to print some FANCY TEXT etc.
Internal knowledge share on SSH setup and usage. Includes some helpful config file options to save time and how to create and use SSH keys for better security and productivity.
These slides cover 30-40 different ways to do privilege escalation and become root. There were presented at Null Bhopal. Details on this link: https://null.co.in/events/491-bhopal-null-bhopal-meet-16-september-2018-monthly-meet
Finding a lost song with Node.js and async iterators - EnterJS 2021Luciano Mammino
Did you ever get that feeling when a random song pops into your brain and you can’t get rid of it? Well, that happened to me recently and I couldn’t even remember the title of the damn song! In this talk, I want to share with you the story of how I was able to recover the details of the song by navigating some music-related APIs using JavaScript, Node.js and the magic of async iterators!
Finding a lost song with Node.js and async iterators - NodeConf Remote 2021Luciano Mammino
Did you ever get that feeling when a random song pops into your brain and you can’t get rid of it? Well, that happened to me recently and I couldn’t even remember the title of the damn song! In this talk, I want to share with you the story of how I was able to recover the details of the song by navigating some music-related APIs using JavaScript, Node.js and the magic of async iterators!
Border Patrol - Count, throttle, kick & ban in perlDavid Morel
Presentation of the Schedule::AdaptiveThrottler perl module, under its original name. Made for the Portuguese Perl Workshop in Porto in 2010. The module is available on https://metacpan.org/pod/Schedule::AdaptiveThrottler and https://github.com/dmorel/Schedule-AdaptiveThrottler
Finding a lost song with Node.js and async iteratorsLuciano Mammino
Did you ever get that feeling when a random song pops into your brain and you can’t get rid of it? Well, that happened to me recently and I couldn’t even remember the title of the damn song! In this talk, I want to share with you the story of how I was able to recover the details of the song by navigating some music-related APIs using JavaScript, Node.js and the magic of async iterators!
here you will learn few new commands. commands like banner,sort,sort file,compress,uncompress,zcat command etc. you will learn how to compress file using terminal and also how to uncompress that file. you will learn how to print some FANCY TEXT etc.
Internal knowledge share on SSH setup and usage. Includes some helpful config file options to save time and how to create and use SSH keys for better security and productivity.
These slides cover 30-40 different ways to do privilege escalation and become root. There were presented at Null Bhopal. Details on this link: https://null.co.in/events/491-bhopal-null-bhopal-meet-16-september-2018-monthly-meet
Pentesting an unfriendly environment: bypassing (un)common defences and mate ...Sandro Zaccarini
Watched an hacking tutorial, followed the steps and pwnd every host in your VirtualBox lab.
Felt like a blackhat, you started an engagement in real life and it goes like the Titanic.
Want to see some (un)common defence and a way to bypass them?
During this talk, you’ll follow the path from no-access to checkmating the king, dodging and going past unexpected pitfall using well and maybe less known tricks and tools.
Author: Jameel Nabbo
Company: UITSEC
This guide contain a practical hands on Linux privilege escalation techniques and methods. based on a real penetration testing experience.
Apresentação na Pós-Graduação em Segurança da Informação:
- Sniffer de senhas em plain text;
- Ataque de brute-force no SSH;
- Proteção: Firewall, IPS e/ou TCP Wrappers;
- Segurança básica no sshd_config;
- Chaves RSA/DSA para acesso remoto;
- SSH buscando chaves no LDAP;
- Porque previnir o acesso: Fork Bomb
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
1. Hack The Box OpenAdmin 10.10.10.171 Writeup
By Kaiziron (Please give a respect in my HTB profile
https://www.hackthebox.eu/home/users/profile/76593)
I am new to penetration testing. This is my first writeup on Hack The Box.
--------------------------------------------------------------------------------------------------------------------------------------
So, we will start with a nmap scan.
We can see that port 22(SSH) and port 80(http) are open. And we will first enumerate port 80 first.
2. We can see it is an apache2 default page, so some other pages may in some other locations.
Let’s use dirbuster to see if we can find any other pages. After a while, dirbuster found a page /ona
Let’s browser to that page and see if there’s any information disclosure.
3. We can see it show that the version is v18.1.1 and the “DOWNLOAD” hyperlink show that it is
probably running something called opennetadmin.
We found an exploit for this version of opennetadmin in github by googling.
https://github.com/amriunix/ona-rce
It is a python script which can check if the target is vulnerable, and of course can also exploit this
vulnerability.
That script show that our target is vulnerable to this exploit. Then we will use it to exploit the
vulnerability and try gain a shell.
We gain a shell as www-data. However we are in /opt/ona/www and unable to change directory
with cd, but we can use ls and also cat so it doesn’t matter at all.
After some enumeration we found there is a file in /opt/ona/www/local/config called
database_settings.inc.php . We use cat to open it up.
4. And it seems is the credentials of some database. Don’t forget that port 22(SSH) is open.
Let’s try to login with SSH with the password n1nj4W4rri0R! and see if there’s any password reuse.
We use “cat /etc/passwd” to open up the passwd file to check some username in this machine.
We can found 2 users, called jimmy and Joanna.
We can also find the user by using “ls -la /home/” to check for home folder of user.
Then we will try to use SSH to login to those users using sshpass to enter in one line for convenient.
sshpass -p n1nj4W4rri0R! ssh jimmy@10.10.10.171
sshpass -p n1nj4W4rri0R! ssh joanna@10.10.10.171
We can successfully login as jimmy but not Joanna.
5. After some enumeration, we found few interesting things, first there is a folder in /var/www/ called
internal which is owned by user jimmy which looks like a webpage.
We found few pages inside the internal folder, one of them is very interesting.
This php file will execute a command “cat /home/joanna/.ssh/id_rsa” which should be the key of
joanna ssh.
Second, we found a file /etc/apache2/sites-available/internal.conf which seems is the configuration
file of the internal site.
6. It shows that it listen on port 52846.
So now we will try to browse to main.php in the internal site on port 52846 to get the ssh key of
Joanna /home/joanna/.ssh/id_rsa .
We try to use browser to browse 10.10.10.171:52846 , however it is unable to connect.
The site named internal so maybe it can only be access in the target machine itself.
So, there is 2 method which I will show in this writeup which can get the ssh key.
Method 1, we set a SSH tunnel to 10.10.10.171:52846.
sshpass -p n1nj4W4rri0R! ssh -L 52846:127.0.0.1:52846 jimmy@10.10.10.171
Then we use browser to browse localhost port 52846, 127.0.0.1:52846.
We found a login page which should be the index.php in /var/www/internal/ .
We tried the credentials jimmy:n1nj4W4rri0R! ,however we failed to login.
7. Then we go to SSH and open index.php with vim.
vim /var/www/internal/index.php
It store the password in sha512 hash, I tried to crack it but failed and it is probably not some easy
password which will present in some weak wordlist.
So we can make some modification in the if statement to make our login succeed. Remember to
undo the modification after we get the SSH key to avoid any spoiler to others.
8. Method 2, we use curl command in SSH which run as the target machine itself, to get the SSH key
--------------------------------------------------------------------------------------------------------------------------------------
Then we copy the RSA private key to our local machine and save as id_rsa.
I tried to use SSH to login to Joanna using id_rsa key. However it will ask for passphrase, so we need
to crack the RSA key first.
We will use john to crack it, so we need to change the RSA key to hash first, we will use ssh2john.py
ssh2john.py id_rsa > id_rsa.hash
Then we will use john to crack it with rockyou.txt as wordlist.
john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa.hash
9. We can see that the passphrase is bloodninjas.
So we will use SSH to login as Joanna.
ssh -i id_rsa joanna@10.10.10.171
bloodninjas
We successfully login as Joanna in SSH and we can get the user.txt.
Now, we will try escalate to root privilege.
After some enumeration, we run the command “sudo -l”, and found that user Joanna can run the
following command using sudo without entering password.
/bin/nano /opt/priv
Which will open /opt/priv with nano in superuser privilege.
Then I go to google and search for nano privilege escalation and I found a guide about privilege
escalation using nano. https://gtfobins.github.io/gtfobins/nano/
10. So we will open /opt/priv using nano with sudo first.
sudo /bin/nano /opt/priv
We can run nano as root and open /opt/priv which is blank,then press ^R^X which is ctrl-r then ctrl-x
We can execute command as root, we can directly view root.txt by running cat /root/root.txt
But in order to gain root shell, we need to run the following command to break out from restricted
environments by spawning an interactive system shell.
reset; bash 1>&0 2>&0
11. After that we need to run “clear”, to clear out the nano UI to have a normal bash shell.
And finally we got a shell in root privilege.
光復香港 時代革命